CVE-2024-47057
Description
Summary
This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames.
User Enumeration via Timing Attack: A user enumeration vulnerability exists in the "Forget your password" functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack.
Mitigation
Please update to a version that addresses this timing vulnerability, where password reset responses are normalized to respond at the same time regardless of user existence.
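
One way to implement the two controls the advisory names (normalized response time and request limiting), as an added PHP example that is not Mautic's patch. The function names, the 500 ms floor, the 5-per-15-minutes limit and the in-memory `$hits` store are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Mautic code; every name and constant below is an assumption.
const MIN_RESPONSE_NS = 500_000_000; // 500 ms floor, must exceed the slowest branch
const MAX_REQUESTS    = 5;           // reset requests allowed per client per window
const WINDOW_SECONDS  = 900;

/** Sliding-window limiter; $hits maps a client key to request timestamps. */
function allowRequest(array &$hits, string $client, int $now): bool
{
    $recent = array_values(array_filter(
        $hits[$client] ?? [],
        fn (int $t): bool => $t > $now - WINDOW_SECONDS
    ));
    $allowed = count($recent) < MAX_REQUESTS;
    if ($allowed) {
        $recent[] = $now;
    }
    $hits[$client] = $recent;
    return $allowed;
}

/** Sleep until at least MIN_RESPONSE_NS has elapsed since $startNs. */
function padToFloor(int $startNs): void
{
    $remaining = MIN_RESPONSE_NS - (hrtime(true) - $startNs);
    if ($remaining > 0) {
        usleep(intdiv($remaining, 1000));
    }
}

/** $findUser and $sendResetMail are caller-supplied callables (hypothetical). */
function handlePasswordReset(string $identifier, string $client, array &$hits,
                             callable $findUser, callable $sendResetMail): array
{
    $start = hrtime(true);
    if (!allowRequest($hits, $client, time())) {
        return ['status' => 429, 'message' => 'Too many requests.']; // independent of $identifier
    }
    $user = $findUser($identifier);
    if ($user !== null) {
        $sendResetMail($user); // slow branch: token generation and mail hand-off
    }
    padToFloor($start); // both branches now take at least MIN_RESPONSE_NS
    // Same status and body whether or not the account exists.
    return ['status' => 200, 'message' => 'If the account exists, a reset link has been sent.'];
}
```

Padding hides the difference only while the floor stays above the slowest path, so handing the mail to a queue instead of sending it inline keeps that path short and predictable.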
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| mautic/core (Packagist) | >= 1.0.0, < 4.4.16 | 4.4.16 |
| mautic/core (Packagist) | >= 5.0.0-alpha, < 5.2.6 | 5.2.6 |
| mautic/core (Packagist) | >= 6.0.0-alpha, < 6.0.2 | 6.0.2 |